Debian Security Advisory

DSA-200-1 samba -- remote exploit

Steve Langasek found an exploitable bug in the password handling
code in samba: when converting from DOS code-page to little endian
UCS2 unicode a buffer length was not checked and a buffer could
be overflowed. There is no known exploit for this, but an upgrade
is strongly recommended.

This problem has been fixed in version 2.2.3a-12 of the Debian
samba packages and upstream version 2.2.7.